istio
diff --git a/‎security/v1beta1/authorization_policy.pb.go
Lines changed: 2 additions & 0 deletions b/‎security/v1beta1/authorization_policy.pb.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎security/v1beta1/authorization_policy.pb.html
Lines changed: 4 additions & 2 deletions b/‎security/v1beta1/authorization_policy.pb.html
Lines changed: 4 additions & 2 deletions
diff --git a/‎security/v1beta1/authorization_policy.proto
Lines changed: 2 additions & 0 deletions b/‎security/v1beta1/authorization_policy.proto
Lines changed: 2 additions & 0 deletions
diff --git a/‎tests/testdata/authz-valid.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/testdata/authz-valid.yaml
Lines changed: 1 addition & 1 deletion
@@ -462,6 +462,7 @@ message Source {
   // This field requires mTLS enabled and is the same as the `source.serviceaccount` attribute.
   //
   // This takes the format `<namespace>/<serviceaccount>`.
+  // `<serviceaccount>` may also be used to use the same namespace as the `AuthorizationPolicy`.
   //
   // If not set, any service account is allowed.
   //
@@ -475,6 +476,7 @@ message Source {
   // Optional. A list of negative match of Kubernetes service accounts.
   //
   // This takes the format `<namespace>/<serviceaccount>`.
+  // `<serviceaccount>` may also be used to use the same namespace as the `AuthorizationPolicy`.
   //
   // No form of wildcard (`*`) is allowed.
   // +protoc-gen-crd:list-value-validation:MaxLength=320
 
@@ -81,7 +81,7 @@ spec:
   rules:
     - from:
         - source:
-            serviceAccounts: ["baz/sa"]
+            serviceAccounts: ["baz/sa", "sa"]
         - source:
             principals: ["bar"]
         - source: